CVE-2024-5843
📋 TL;DR
This vulnerability in Google Chrome allows attackers to hide security warnings during file downloads, potentially tricking users into opening malicious files. It affects Chrome users on all platforms who haven't updated to the patched version. The attack requires user interaction to download and open a malicious file.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Fedora by Fedoraproject
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into downloading and executing malware, ransomware, or other malicious payloads that appear to be legitimate files, leading to system compromise, data theft, or ransomware infection.
Likely Case
Attackers could use this to deliver phishing payloads, adware, or other malicious software by hiding security warnings that would normally alert users to suspicious downloads.
If Mitigated
With proper user awareness training and security controls, users would be less likely to open suspicious files even if warnings are hidden, limiting the impact to potential malware downloads that are caught by endpoint protection.
🎯 Exploit Status
Exploitation requires user interaction to download and open a malicious file. No public exploit code has been released as of the advisory date.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 126.0.6478.54
Vendor Advisory: https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for updates and install version 126.0.6478.54 or later.
4. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable automatic downloads
Configure Chrome to ask where to save each file before downloading, giving users more visibility into download actions.
chrome://settings/downloads → Toggle 'Ask where to save each file before downloading' to ON
Enable enhanced security warnings
Enable additional security features in Chrome settings to provide more download warnings.
chrome://settings/security → Enable 'Enhanced protection' or 'Standard protection' with all features
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized files
- Deploy endpoint detection and response (EDR) solutions to monitor for suspicious download and execution patterns
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome → Click three-dot menu → Help → About Google Chrome. If version is below 126.0.6478.54, you are vulnerable.
Check Version:
- On Windows: chrome://version/
- On Linux: google-chrome --version
- On macOS: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --version
Verify Fix Applied:
Verify Chrome version is 126.0.6478.54 or higher using the same About Google Chrome page.
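As an added example (not part of the original advisory or Google's tooling), a POSIX shell check that parses a `--version` line like the ones above and compares it field by field against the patch version 126.0.6478.54; the sample version strings are constructed, and the Linux binary name `google-chrome` is an assumption.

```shell
#!/bin/sh
# Added example: compare an installed Chrome/Chromium version against the
# patch version from the advisory (CVE-2024-5843). Not the vendor's tooling.
PATCHED_VERSION="126.0.6478.54"

# Pull the first dotted four-field version out of a "--version" line,
# e.g. "Google Chrome 125.0.6422.141" -> "125.0.6422.141".
chrome_version_from_output() {
  printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Numeric field-by-field comparison; a plain string comparison would rank
# 126.0.6478.9 above 126.0.6478.54. Returns 0 when $1 >= $2.
version_ge() {
  i=1
  while [ "$i" -le 4 ]; do
    fa=$(printf '%s' "$1" | cut -d. -f"$i")
    fb=$(printf '%s' "$2" | cut -d. -f"$i")
    fa=${fa:-0}; fb=${fb:-0}
    if [ "$fa" -gt "$fb" ]; then return 0; fi
    if [ "$fa" -lt "$fb" ]; then return 1; fi
    i=$((i + 1))
  done
  return 0
}

# Classify one "--version" line: prints patched / vulnerable / unknown.
# Exit status mirrors the verdict (0 patched, 1 vulnerable, 2 unknown)
# so the function can drive a fleet-wide inventory script.
classify_chrome_output() {
  v=$(chrome_version_from_output "$1")
  if [ -z "$v" ]; then echo "unknown"; return 2; fi
  if version_ge "$v" "$PATCHED_VERSION"; then echo "patched"; return 0; fi
  echo "vulnerable"; return 1
}

# Constructed sample lines (not real captures); on Linux the real input
# would be "$(google-chrome --version)", binary name assumed.
for sample in "Google Chrome 125.0.6422.141" \
              "Google Chrome 126.0.6478.54" \
              "Chromium 127.0.6533.72" \
              "command not found"; do
  printf '%-32s -> %s\n' "$sample" "$(classify_chrome_output "$sample")"
done
```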
📡 Detection & Monitoring
Log Indicators:
- Chrome logs showing downloads of files with unusual extensions or from untrusted sources
- Security event logs showing file downloads followed by execution
Network Indicators:
- Downloads from suspicious domains or IP addresses
- Unusual file download patterns from web servers
SIEM Query:
source="chrome" AND (event="download" OR event="file_save") AND (file_extension="exe" OR file_extension="bat" OR file_extension="ps1") AND user_interaction="false"
🔗 References
- https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html
- https://issues.chromium.org/issues/333940412
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/